fa
Feedback
Kubesploit

Kubesploit

رفتن به کانال در Telegram

News and links on Kubernetes security curated by the @Learnk8s team Website: https://kubesploit.io/

نمایش بیشتر
2 078
مشترکین
+124 ساعت
اطلاعاتی وجود ندارد7 روز
+1530 روز

در حال بارگیری داده...

جذب مشترکین
ژوئیه '26
ژوئیه '26
+23
در 1 کانال‌ها
ژوئن '26
+41
در 3 کانال‌ها
Get PRO
مه '26
+49
در 3 کانال‌ها
Get PRO
آوریل '26
+36
در 3 کانال‌ها
Get PRO
مارس '26
+65
در 5 کانال‌ها
Get PRO
فوریه '26
+35
در 1 کانال‌ها
Get PRO
ژانویه '26
+29
در 1 کانال‌ها
Get PRO
دسامبر '25
+44
در 3 کانال‌ها
Get PRO
نوامبر '25
+35
در 2 کانال‌ها
Get PRO
اکتبر '25
+23
در 2 کانال‌ها
Get PRO
سپتامبر '25
+18
در 2 کانال‌ها
Get PRO
اوت '25
+22
در 2 کانال‌ها
Get PRO
ژوئیه '25
+38
در 2 کانال‌ها
Get PRO
ژوئن '25
+18
در 3 کانال‌ها
Get PRO
مه '25
+28
در 2 کانال‌ها
Get PRO
آوریل '25
+18
در 2 کانال‌ها
Get PRO
مارس '25
+23
در 3 کانال‌ها
Get PRO
فوریه '25
+23
در 1 کانال‌ها
Get PRO
ژانویه '25
+28
در 2 کانال‌ها
Get PRO
دسامبر '24
+49
در 1 کانال‌ها
Get PRO
نوامبر '24
+106
در 2 کانال‌ها
Get PRO
اکتبر '24
+103
در 2 کانال‌ها
Get PRO
سپتامبر '24
+94
در 2 کانال‌ها
Get PRO
اوت '24
+147
در 3 کانال‌ها
Get PRO
ژوئیه '24
+62
در 2 کانال‌ها
Get PRO
ژوئن '24
+66
در 3 کانال‌ها
Get PRO
مه '24
+91
در 2 کانال‌ها
Get PRO
آوریل '24
+122
در 3 کانال‌ها
Get PRO
مارس '24
+76
در 3 کانال‌ها
Get PRO
فوریه '24
+57
در 2 کانال‌ها
Get PRO
ژانویه '24
+56
در 2 کانال‌ها
Get PRO
دسامبر '23
+79
در 2 کانال‌ها
Get PRO
نوامبر '23
+21
در 3 کانال‌ها
Get PRO
اکتبر '23
+23
در 2 کانال‌ها
Get PRO
سپتامبر '23
+28
در 0 کانال‌ها
Get PRO
اوت '23
+12
در 0 کانال‌ها
Get PRO
ژوئیه '23
+26
در 0 کانال‌ها
Get PRO
ژوئن '23
+30
در 0 کانال‌ها
Get PRO
مه '23
+42
در 0 کانال‌ها
Get PRO
آوریل '23
+27
در 0 کانال‌ها
Get PRO
مارس '23
+81
در 0 کانال‌ها
Get PRO
فوریه '23
+17
در 0 کانال‌ها
Get PRO
ژانویه '23
+35
در 0 کانال‌ها
Get PRO
دسامبر '22
+22
در 0 کانال‌ها
Get PRO
نوامبر '22
+34
در 0 کانال‌ها
Get PRO
اکتبر '22
+23
در 0 کانال‌ها
Get PRO
سپتامبر '22
+32
در 0 کانال‌ها
Get PRO
اوت '22
+19
در 0 کانال‌ها
Get PRO
ژوئیه '22
+32
در 0 کانال‌ها
Get PRO
ژوئن '22
+22
در 0 کانال‌ها
Get PRO
مه '22
+104
در 0 کانال‌ها
Get PRO
آوریل '22
+36
در 0 کانال‌ها
Get PRO
مارس '22
+33
در 0 کانال‌ها
Get PRO
فوریه '22
+18
در 0 کانال‌ها
Get PRO
ژانویه '22
+22
در 0 کانال‌ها
Get PRO
دسامبر '21
+12
در 0 کانال‌ها
Get PRO
نوامبر '21
+45
در 0 کانال‌ها
Get PRO
اکتبر '21
+388
در 0 کانال‌ها
تاریخ
رشد مشترکین
اشارات
کانال‌ها
17 ژوئیه+2
16 ژوئیه+2
15 ژوئیه0
14 ژوئیه+1
13 ژوئیه+1
12 ژوئیه+2
11 ژوئیه+2
10 ژوئیه0
09 ژوئیه+1
08 ژوئیه0
07 ژوئیه+1
06 ژوئیه+1
05 ژوئیه+3
04 ژوئیه+1
03 ژوئیه+1
02 ژوئیه+3
01 ژوئیه+2
پست‌های کانال
This tutorial shows how to modernize Kyverno policies with CEL using practical Kubernetes security examples like namespace ru
This tutorial shows how to modernize Kyverno policies with CEL using practical Kubernetes security examples like namespace rules, image checks, service account tokens, and safer policy testing. More: https://ku.bz/PcpzWX_N6

2
This article explains how a local 7B model was fine-tuned to answer cloud security, Kubernetes, Terraform, and compliance questions from a rule-based dataset. More: https://ku.bz/NNjhbSslC
148
3
This week on Learn Kubernetes Weekly 192: 🔧 Our Kubernetes Operator Didn't Scale, So We Rebuilt It 🔀 ClickHouse Shard Rebal
This week on Learn Kubernetes Weekly 192: 🔧 Our Kubernetes Operator Didn't Scale, So We Rebuilt It 🔀 ClickHouse Shard Rebalancing on Kubernetes: From Talk to Operator 💥 Invisible OOMkill: Java Pods Crashing in Kubernetes 🗂️ Using Kubernetes ConfigMaps as a Real-Time State Store 🚨 From Container Escape to Cloud Takeover: A Real-World Cloud Security Assessment Read it now: https://kube.today/issues/192 ⭐️ This newsletter is brought to you by Buoyant, the creators of Linkerd https://ku.bz/BB-RtVFWs
92
4
This case study explains how a Kubernetes secrets audit exposed weak secret handling and forced a move toward safer secret management. It covers encoded secrets, RBAC, encryption, external secret stores, and audit-ready controls. More: https://ku.bz/z0ylnRsvd
161
5
How do you give developers access to the Kubernetes API without letting them break things? Peter Kelly describes staged polic
How do you give developers access to the Kubernetes API without letting them break things? Peter Kelly describes staged policies in Project Calico: developers can dry-run network policies to see which flows would be affected before enforcing them. Combined with namespace-scoped policy tiers, teams get real autonomy without risking production traffic. Instead of blocking developers, give them a safe way to test. Full interview: https://ku.bz/xgqZJhdyn Watch the full interview: https://ku.bz/xgqZJhdyn This interview is a reaction to Mac Chaffee's episode https://ku.bz/9nFPmG85f
166
6
Copy Fail Destroyer runs on Kubernetes nodes to detect and remediate Copy Fail and Dirty Frag by probing vulnerable kernel modules, unloading them, exposing metrics, and supporting Helm or ArgoCD deployment. More: https://ku.bz/xvFl18wxv
197
7
k8scout maps realistic Kubernetes escalation paths from a compromised pod to cluster-admin, node access, secret theft, or cloud IAM takeover, with graph output and reviewer mode. More: https://ku.bz/Jt-LJm0f2
284
8
This article explains the Kubernetes v1.36 SELinux volume labeling change and why clusters using SELinux should audit workloads before SELinuxMount becomes the default. More: https://ku.bz/KGR_FN-3w
341
9
This article explains Kubernetes v1.36 fine-grained kubelet authorization and how teams can replace broad nodes/proxy access with safer permissions for metrics, stats, logs, pods, and health checks. More: https://ku.bz/M6WZq580X
363
10
This week on Learn Kubernetes Weekly 191: 🔥 What Does 4.4% GPU Utilization Actually Mean? 🛠️ GKE IP Exhaustion Fixed: The C
This week on Learn Kubernetes Weekly 191: 🔥 What Does 4.4% GPU Utilization Actually Mean? 🛠️ GKE IP Exhaustion Fixed: The Class E Migration Guide 🧹 Evicting MCP Tool Calls from Your Kubernetes Cluster 🔄 The Feedback Loops Behind Kubernetes 🧠 You Don't Have a GIL Problem — You Have a CPU Problem Read it now: https://kube.today/issues/191 ⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
280
11
Copy Fail Blocker deploys a privileged DaemonSet that blocks AF_ALG and AF_RXRPC socket creation cluster-wide to mitigate Copy Fail and similar Linux kernel privilege-escalation paths. More: https://ku.bz/hMfdC6WGc
300
12
Kaniop is a Kubernetes operator written in Rust for managing Kanidm identity management clusters, providing declarative identity management through GitOps workflows. More: https://ku.bz/pFkd88jPW
317
13
This tutorial shows how to connect on-prem Kubernetes workloads to Google Cloud without service account keys using Workload I
This tutorial shows how to connect on-prem Kubernetes workloads to Google Cloud without service account keys using Workload Identity Federation, OIDC, Terraform, Kyverno, and IAM attribute conditions. More: https://ku.bz/1YVD6c3FP
507
14
This week on Learn Kubernetes Weekly 190: 🌪️ Taming the Storm: Building Groww's Internal Chaos Engineering Platform 🧪 Tarac
This week on Learn Kubernetes Weekly 190: 🌪️ Taming the Storm: Building Groww's Internal Chaos Engineering Platform 🧪 Taracode Testing a Go-Based CLI AI Agent in My Homelab 🧠 Building self-evolving AI systems: exploring the architecture 🔄 Migrating from slurm to Kubernetes 🏠 Lessons Learnt Self-hosting an AI Assistant Read it now: https://kube.today/issues/190 ⭐️ This newsletter is brought to you by LearnKube — master Kubernetes with hands-on training designed for engineers who want to learn the smart way https://ku.bz/hypSbyc-V
372
15
John Howard, Senior Software Engineer at Solo.io, explains that the biggest challenge in Kubernetes security isn't features b
John Howard, Senior Software Engineer at Solo.io, explains that the biggest challenge in Kubernetes security isn't features but adoption. He shares how Ambient Mesh originated from users repeatedly requesting "just mTLS" without the overhead of full-service mesh implementation. The team designed Ambient Mesh with compatibility and low footprint as core principles - it doesn't modify traffic patterns, works with any application, and can be deployed cluster-wide without breaking existing workloads. John emphasizes that establishing baseline security everywhere must precede implementing advanced features like sophisticated authorization policies or AI-based anomaly detection. Watch the full episode: https://kube.fmhttps://ku.bz/sk-ZF1PG9
361
16
New on LearnKube: Server-side apply: what happens when you run kubectl apply Server-side apply changes how Kubernetes handles
New on LearnKube: Server-side apply: what happens when you run kubectl apply Server-side apply changes how Kubernetes handles field ownership. Kubernetes objects are shared state. Manifests, controllers, release tools, autoscalers, webhooks, and operators can all shape the same object. With client-side apply, stale intent can overwrite live changes. With server-side apply, ownership moves into the API server. Kubernetes tracks which manager owns each field and surfaces conflicts when ownership is contested. Chiara put serious work into this guide, and you can read it in full here: https://learnkube.com/server-side-apply-kubernetes
192
17
This article explains how to use Gatekeeper to enforce in-cluster admission policies, such as rejecting :latest images, manda
This article explains how to use Gatekeeper to enforce in-cluster admission policies, such as rejecting :latest images, mandating labels, and disallowing privileged workloads. More: https://ku.bz/1Zskfkkvg
379
18
This tutorial shows how to run OWASP ZAP scans inside GitHub Actions using SecureCodeBox on a Kubernetes kind cluster. More:
This tutorial shows how to run OWASP ZAP scans inside GitHub Actions using SecureCodeBox on a Kubernetes kind cluster. More: https://ku.bz/nDZJpmg5F
395
19
This week on Learn Kubernetes Weekly 189: 🔥 Zero-Downtime Kubernetes Ingress Controllers on GCP 🏗️ Architecting GPUaaS for
This week on Learn Kubernetes Weekly 189: 🔥 Zero-Downtime Kubernetes Ingress Controllers on GCP 🏗️ Architecting GPUaaS for Enterprise AI On-Prem 📋 Conditions, Phases, and Declarative Phase Rules in Kubernetes Operators ⚙️ Container-Aware GOMAXPROCS 💀 Why Your Kubernetes Pod Was OOM Killed and Who Really Killed It Read it now: https://kube.today/issues/189 ⭐️ This issue is brought to you by Solanica - replace RDS with a self-hosted DBaaS on your own Kubernetes clusters with automated Day 2 operations and zero vendor lock-in https://ku.bz/NTszfwH40
318
20
This guide walks through deploying Istio via Terraform and Helm to secure service-to-service and external communication with mTLS, automatic sidecar injection, and encrypted ingress via Istio Gateway. More: https://ku.bz/wxcXWRYy2
332